If you need another reminder to be careful when downloading new apps for your devices, a new batch of malicious apps has been discovered stealing both data and money from unsuspecting users. As reported by Laptop Mag(opens in new tab), these 203 malicious iOS and Android apps were first discovered by Thailand’s Ministry of Digital Economy and Society (DES) and the UK’s National Cyber Security Centre (NCSC).

In an era of quantum computing "arms race", it is time to transition to quantum-safe systems.

We’re changing some of our security practices. Here is what you need to know to ensure a smooth transition.

Nearly two-and-a-half years after the Trump administration threatened to ban TikTok in the United States if it didn't divest from its Chinese owners, the Biden administration is now doing the same.

A popular ransomware operator claims to have compromised Ring, the Amazon-owned company that builds smart doorbells with cameras. A new report on Vice’s Motherboard states that the group known as ALPHV, popular for its use of the BlackCat encryptor malware, added a new entry to its leak site, next to which is Ring’s logo.

It has become clear that there is little clarity in the law about the obligations an employer owes to its current and former employees

A device’s built-in security is often enough, but stay on top of updates, passwords

The White House on Thursday released an ambitious national cybersecurity strategy that calls for new federal regulation of vulnerable critical infrastructure firms and for software makers to be held liable when their products leave gaping holes for hackers to exploit.

The social media site says that a phishing incident led to the theft of company data but that user data is safe. Reddit says that it was hacked earlier this month, in a security incident that compromised some company data. However, the company says that Redditors have no need to fear because user data was not impacted by the episode—at least, that the company knows of...“so far.”

Reddit has confirmed hackers accessed internal documents and source code following a “highly-targeted” phishing attack. A post by Reddit CTO Christopher Slowe, or KeyserSosa, explained that on February 5 the company became aware of the “sophisticated” attack targeting Reddit employees. He says that an as-yet-unidentified attacker sent “plausible-sounding prompts,” which redirected employees to a website masquerading as Reddit’s intranet portal in an attempt to steal credentials and two-factor authentication tokens.

Finally end-to-end encryption comes to iCloud. The system can be a bit buggy, but promises a substantial security upgrade. The cloud has always been a convenient place to store your files, but a hostile place for security. With your files backed up on a company’s servers somewhere, they are at risk to demands from authorities to access them, or hackers that may break into the company’s infrastructure.

A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 'selectees' has been shared publicly on a hacking forum. BleepingComputer has confirmed the list is the same TSA No Fly list that was discovered recently on an unsecured CommuteAir server.

With many using mobile apps for financial transactions, emails, and social networking, the best mobile VPNs of 2023 can ensure your information remains yours.

Lots. And, bad news, kids, it will not be easy to manage.

Major security flaws have been found in Mercedes, Ferrari, and other top luxury cars which could have allowed threat actors to steal the owners’ personally identifiable information, track their vehicles, and in some cases - even unlock and start the cars. Almost two-dozen car brands were affected by the flaws, including top brands such as BMW, Roll Royce, Mercedes-Benz, Ferrari, Porsche, Jaguar, Land Rover, Ford, KIA, Honda, Infiniti, Nissan, Acura, Hyundai, Toyota, and Genesis.

It’s been two weeks since we reported that Anker’s Eufy lied to us about the security of its security cameras, and we’ve been pushing the company for answers ever since. But the company hasn’t answered a single one of our questions — in fact, I haven’t gotten a single reply since December 1st. Today, on a whim, I thought I’d take a peek at Eufy’s website... maybe find some answers there? Instead, I found that Anker has quietly scrubbed all of its most promising privacy promises from its “privacy commitment” page. It got nerfed — hard.

In short, they’re not. But a new Chubb report finds increasing cyber anxiety, as well as people clinging to bad security habits. (Seriously, that ‘keepsake password’ has to go.)

For years, Big Tech has insisted that the death of the password is right around the corner. For years, those assurances have been little more than empty promises. The password alternatives—such as pushes, OAUTH single-sign ons, and trusted platform modules—introduced as many usability and security problems as they solved. But now, we’re finally on the cusp of a password alternative that’s actually going to work.

What appeared to be one simple Linux Wi-Fi networking security problem was soon revealed to be five different nasty Wi-Fi security problems. Fortunately, the patches are on their way.

Microsoft Teams stores authentication tokens in unencrypted plaintext mode, allowing attackers to potentially control communications within an organization, according to the security firm Vectra. The flaw affects the desktop app for Windows, Mac and Linux built using Microsoft's Electron framework. Microsoft is aware of the issue but said it has no plans for a fix anytime soon, since an exploit would also require network access.